Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-31530

    Missing Authorization vulnerability in smackcoders Google SEO Pressor Snippet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Google SEO Pressor Snippet: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31639

    Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-36599

    Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certa... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-31529

    Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-36026

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The... Read more

    Affected Products : datacap datacap_navigator
    • Published: Jun. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-31239

    A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: May. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-3446

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3634

    A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step veri... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-3640

    A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3880

    The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible... Read more

    Affected Products : poll\,_survey_\&_quiz_maker
    • Published: Jun. 17, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-25045

    IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-25143

    Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Feb. 07, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-25001

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge edge_chromium
    • Published: Apr. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-27188

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security m... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3629

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.... Read more

    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-52813

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverifie... Read more

    Affected Products : matrix-rust-sdk
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-24920

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-27317

    Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid allows Cross Site Request Forgery. This issue affects RAYS Grid: from n/a through 1.3.1.... Read more

    Affected Products : rays_grid
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-2942

    The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-23407

    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization
Showing 20 of 294690 Results